CVE-2019-12439

EPSS 0.14%
Published 29.05.2019 15:29:00
Last modified 21.11.2024 04:22:50
Source cve@mitre.org
Teams watchlist Login
Open Login

bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.

Affected products Warnungen 0 Metrics 4 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Projectatomic ≫ Bubblewrap Version < 0.3.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.351

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org	7.4	1.4	5.9	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00015.html

https://access.redhat.com/errata/RHSA-2019:1833

https://bugzilla.redhat.com/show_bug.cgi?id=1695963

Third Party Advisory

Issue Tracking

https://github.com/projectatomic/bubblewrap/commit/efc89e3b939b4bde42c10f065f6b7b02958ed50e

Patch

Third Party Advisory

https://github.com/projectatomic/bubblewrap/issues/304

Third Party Advisory

https://github.com/projectatomic/bubblewrap/releases/tag/v0.3.3